locked
Windows Phone 8.1 MDM : Application blacklisting/whitelisting not working RRS feed

  • Question

  • Hi All,

    I am facing issues in app blacklisting via MDM. Device responds with 200 but doesn't disable the app. Blacklisting is working only at publisher level and not working for blocking specific app using product id.

    XML to block apps at Publisher level: This is working for me

    <Atomic>
                <CmdID>91-0</CmdID>
                <Replace>
                    <CmdID>91-1</CmdID>
                    <Item>
                        <Target>
                            <LocURI>./Vendor/MSFT/PolicyManager/My/ApplicationManagement/ApplicationRestrictions</LocURI>
                        </Target>
                        <Meta>
                            <Format xmlns="syncml:metinf">chr</Format>
                            <Type xmlns="syncml:metinf">text/plain</Type>
                        </Meta>
                        <Data>&lt;?xml version=&quot;1.0&quot; encoding=&quot;utf-8&quot;?&gt;&lt;AppPolicy Version=&quot;1&quot; xmlns=&quot;http://schemas.microsoft.com/phone/2013/policy&quot;&gt;&lt;Deny&gt;&lt;Publisher PublisherName=&quot;eyacker.com&quot;/&gt;&lt;/Deny&gt;&lt;/AppPolicy&gt;</Data>
                    </Item>
                </Replace>
            </Atomic>

    But I am not able to block at applications level. This is not working. Sample XML below:

    <Atomic>
                <CmdID>92-0</CmdID>
                <Replace>
                    <CmdID>92-1</CmdID>
                    <Item>
                        <Target>
                            <LocURI>./Vendor/MSFT/PolicyManager/My/ApplicationManagement/ApplicationRestrictions</LocURI>
                        </Target>
                        <Meta>
                            <Format xmlns="syncml:metinf">chr</Format>
                            <Type xmlns="syncml:metinf">text/plain</Type>
                        </Meta>
                        <Data>&lt;?xml version=&quot;1.0&quot; encoding=&quot;utf-8&quot;?&gt;&lt;AppPolicy Version=&quot;1&quot; xmlns=&quot;http://schemas.microsoft.com/phone/2013/policy&quot;&gt;&lt;Deny&gt;&lt;App ProductId=&quot;ab34b368-1c7d-448d-b849-4d9dc654de4fd&quot;/&gt;&lt;/Deny&gt;&lt;/AppPolicy&gt;</Data>
                    </Item>
                </Replace>
            </Atomic>

    I have also observed that even if we send invalid value (invalid tags or tags which are not closed) inside <Data> tag, still device returns 200 for that command. e.g: <Denyyasas> instead of <Deny> 


    Can you provide any working sample which will block the apps by ProductId.

    Regards,

    Ganesh Shinde

    Tuesday, November 18, 2014 2:33 PM

Answers

  • Hello All,

    I am able to blacklist application by app id now. Sample syncML sent to device for blocking below applications:

    irctc   - df6203c2-1f03-4854-b741-f3599c9f6b92
    GK in hindi - b01260f9-e6e0-4164-883a-2ad0cdab74bc
    File Manager Free - 5f2122de-a3e6-47d7-8037-21585e0e0c4c

    SyncML:

    <SyncML xmlns="SYNCML:SYNCML1.2">
        <SyncHdr>
            <VerDTD>1.2</VerDTD>
            <VerProto>DM/1.2</VerProto>
            <SessionID>10</SessionID>
            <MsgID>1</MsgID>
            <Target>
                <LocURI>urn:uuid:B97AF5A9-3F70-594D-A701-8F67591B5F70</LocURI>
            </Target>
            <Source>
                <LocURI>https://HostName:8088/ws/deviceapi/wp/syncml</LocURI>
            </Source>
        </SyncHdr>
        <SyncBody>
            <Status>
                <CmdID>1</CmdID>
                <MsgRef>1</MsgRef>
                <CmdRef>0</CmdRef>
                <Cmd>SyncHdr</Cmd>
                <Data>200</Data>
            </Status>
            <Status>
                <CmdID>2</CmdID>
                <MsgRef>1</MsgRef>
                <CmdRef>2</CmdRef>
                <Cmd>Alert</Cmd>
                <Data>200</Data>
            </Status>
            <Status>
                <CmdID>3</CmdID>
                <MsgRef>1</MsgRef>
                <CmdRef>3</CmdRef>
                <Cmd>Replace</Cmd>
                <Data>200</Data>
            </Status>
            <Atomic>
                <CmdID>144-0</CmdID>
                <Replace>
                    <CmdID>144-1</CmdID>
                    <Item>
                        <Target>
                            <LocURI>./Vendor/MSFT/PolicyManager/My/ApplicationManagement/ApplicationRestrictions</LocURI>
                        </Target>
                        <Meta>
                            <Format xmlns="syncml:metinf">chr</Format>
                            <Type xmlns="syncml:metinf">text/plain</Type>
                        </Meta>
                        <Data>&lt;?xml version=&quot;1.0&quot; encoding=&quot;utf-8&quot;?&gt;&lt;AppPolicy Version=&quot;1&quot; xmlns=&quot;http://schemas.microsoft.com/phone/2013/policy&quot;&gt;&lt;Deny&gt;&lt;App ProductId=&quot;{b01260f9-e6e0-4164-883a-2ad0cdab74bc}&quot;/&gt;&lt;App ProductId=&quot;{5f2122de-a3e6-47d7-8037-21585e0e0c4c}&quot;/&gt;&lt;App ProductId=&quot;{df6203c2-1f03-4854-b741-f3599c9f6b92}&quot;/&gt;&lt;/Deny&gt;&lt;/AppPolicy&gt;</Data>
                    </Item>
                </Replace>
            </Atomic>
            <Final />
        </SyncBody>
    </SyncML>

    Regards,

    Ganesh Shinde

    • Marked as answer by Ganesh14Shinde Thursday, November 20, 2014 12:16 PM
    Thursday, November 20, 2014 12:16 PM

All replies

  • Here is an example to block the apps using productID.

    <?xml version="1.0"?>
    
    -<SyncML xmlns="SYNCML:SYNCML1.2">
    
    
    -<SyncBody>
    
    
    -<Replace>
    
    <CmdID>2</CmdID>
    
    
    -<Item>
    
    
    -<Target>
    
    <LocURI>./Vendor/MSFT/PolicyManager/My/ApplicationManagement/ApplicationRestrictions</LocURI>
    
    </Target>
    
    
    -<Data>
    
    <Data><?xml version="1.0" encoding="utf-8"?><AppPolicy Version="1" xmlns="http://schemas.microsoft.com/phone/2013/policy"><Deny><App ProductId="9c3e8cad-1111-1212-8f11-b8b33cc111f1" /><App ProductId="c3f8e570-6111-4d6a-bdbb-c0a3f4361151"/></Deny></AppPolicy> </Data>
    
    </Data>
    
    </Item>
    
    </Replace>
    
    <Final/>
    
    </SyncBody>
    
    </SyncML>


    Tuesday, November 18, 2014 8:59 PM
  • Hi Rashmi,

    Sample XML you provided is not working. I have tested this before from inputs you given in other threads. I was expecting working sample.

    Please let me know if blacklisting apps by app id has worked for anyone. I dont see anyone posted any working sample for this. 

    Is there any bug for blacklisting apps by app id in the DM client? Windows MDM protocol documentation is not at all helpful on this topic.

    Please update me on this. Thank you.

    Regards,

    Ganesh Shinde

    Wednesday, November 19, 2014 5:18 AM
  • Hello All,

    I am able to blacklist application by app id now. Sample syncML sent to device for blocking below applications:

    irctc   - df6203c2-1f03-4854-b741-f3599c9f6b92
    GK in hindi - b01260f9-e6e0-4164-883a-2ad0cdab74bc
    File Manager Free - 5f2122de-a3e6-47d7-8037-21585e0e0c4c

    SyncML:

    <SyncML xmlns="SYNCML:SYNCML1.2">
        <SyncHdr>
            <VerDTD>1.2</VerDTD>
            <VerProto>DM/1.2</VerProto>
            <SessionID>10</SessionID>
            <MsgID>1</MsgID>
            <Target>
                <LocURI>urn:uuid:B97AF5A9-3F70-594D-A701-8F67591B5F70</LocURI>
            </Target>
            <Source>
                <LocURI>https://HostName:8088/ws/deviceapi/wp/syncml</LocURI>
            </Source>
        </SyncHdr>
        <SyncBody>
            <Status>
                <CmdID>1</CmdID>
                <MsgRef>1</MsgRef>
                <CmdRef>0</CmdRef>
                <Cmd>SyncHdr</Cmd>
                <Data>200</Data>
            </Status>
            <Status>
                <CmdID>2</CmdID>
                <MsgRef>1</MsgRef>
                <CmdRef>2</CmdRef>
                <Cmd>Alert</Cmd>
                <Data>200</Data>
            </Status>
            <Status>
                <CmdID>3</CmdID>
                <MsgRef>1</MsgRef>
                <CmdRef>3</CmdRef>
                <Cmd>Replace</Cmd>
                <Data>200</Data>
            </Status>
            <Atomic>
                <CmdID>144-0</CmdID>
                <Replace>
                    <CmdID>144-1</CmdID>
                    <Item>
                        <Target>
                            <LocURI>./Vendor/MSFT/PolicyManager/My/ApplicationManagement/ApplicationRestrictions</LocURI>
                        </Target>
                        <Meta>
                            <Format xmlns="syncml:metinf">chr</Format>
                            <Type xmlns="syncml:metinf">text/plain</Type>
                        </Meta>
                        <Data>&lt;?xml version=&quot;1.0&quot; encoding=&quot;utf-8&quot;?&gt;&lt;AppPolicy Version=&quot;1&quot; xmlns=&quot;http://schemas.microsoft.com/phone/2013/policy&quot;&gt;&lt;Deny&gt;&lt;App ProductId=&quot;{b01260f9-e6e0-4164-883a-2ad0cdab74bc}&quot;/&gt;&lt;App ProductId=&quot;{5f2122de-a3e6-47d7-8037-21585e0e0c4c}&quot;/&gt;&lt;App ProductId=&quot;{df6203c2-1f03-4854-b741-f3599c9f6b92}&quot;/&gt;&lt;/Deny&gt;&lt;/AppPolicy&gt;</Data>
                    </Item>
                </Replace>
            </Atomic>
            <Final />
        </SyncBody>
    </SyncML>

    Regards,

    Ganesh Shinde

    • Marked as answer by Ganesh14Shinde Thursday, November 20, 2014 12:16 PM
    Thursday, November 20, 2014 12:16 PM
  • Hello Ganesh.  Some time has gone by since you wrote this. I wonder, do you have some updated experiences with this?

    I ask because I am trying to add this policy in the Intune configuration policies:

    with OMA-URI setting of:  ./Vendor/MSFT/PolicyManager/My/ApplicationManagement/ApplicationRestrictions

    Data Type: String (XML)

    Value:  <AppPolicy Version=”1″ xmlns=”http://schemas.microsoft.com/phone/2013/policy”><Deny><App ProductId=”{a3f389e5-68ac-4797-b574-caef22035765}”/></Deny></AppPolicy>

    but I am getting an error status and still have access to the app on the windowsphone 8.1 lumia icon on Verizon.   

    Any ideas?

    All the best,  Thomas Hayes

    Tuesday, February 17, 2015 1:24 AM